home

MobogenieService.exe

MobogenieService.exe

Beijing AmazGame Age Internet Technology Co., Ltd.

The application MobogenieService.exe by Beijing AmazGame Age Internet Technology Co. has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a windows Service named “MobogenieService”. While running, it connects to the Internet address hdc86-35-3-192.romtelecom.net on port 80 using the HTTP protocol.
Publisher:
Mobogenie.com  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
MobogenieService.exe

Version:
1.0.0.6

MD5:
f57a690656a8cacfabb78e30d1e71ee1

SHA-1:
ee009f079c053da55bd74c574a5edc8e1d8a1fc8

SHA-256:
4da99871d623eaba135003ee7bb960770618090374fd655fa3091bd38f9000cb

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 11:29:08 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Mobogenie.7
9.0.1.0151

Reason Heuristics
PUP.Optional.Service
15.5.31.5

File size:
124.7 KB (127,680 bytes)

Product version:
1.0.0.6

Copyright:
Copyright (C) 2014

Original file name:
MobogenieService.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\mobogenie3\mobogenieservice.exe

Digital Signature
Signed by:
Beijing AmazGame Age Internet Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
3/16/2012 3:00:00 AM

Valid to:
6/16/2015 2:59:59 AM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
5/28/2015 5:16:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:F0vocDQdNJVOlSaBYlUE7q6gV9zUgotJY+jhO3B7IJsV:OocMNqYQy2KgotxjhO3ByI

Entry address:
0x14BAA

Entry point:
E8, F4, 04, 00, 00, E9, B3, FD, FF, FF, FF, 25, 60, 73, 41, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 34, E0, 41, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, FF, 25, 80, 72, 41, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B8, E8, 41, 00, 89, 0D, B4, E8, 41, 00, 89, 15, B0, E8, 41, 00, 89, 1D, AC, E8, 41, 00...
 
[+]

Entropy:
6.1867

Code size:
85.5 KB (87,552 bytes)

Service
Display name:
MobogenieService

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-254-213-170.ap-southeast-1.compute.amazonaws.com  (54.254.213.170:80)

TCP (HTTP):
Connects to ec2-54-255-133-240.ap-southeast-1.compute.amazonaws.com  (54.255.133.240:80)

TCP (HTTP):
Connects to hdc86-35-3-192.romtelecom.net  (86.35.3.192:80)

TCP (HTTP):
Connects to hdc86-35-3-193.romtelecom.net  (86.35.3.193:80)

TCP (HTTP):
Connects to server-54-230-187-203.cdg51.r.cloudfront.net  (54.230.187.203:80)

TCP (HTTP):
Connects to s3-ap-southeast-1-w.amazonaws.com  (52.219.32.36:80)

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)

TCP (HTTP):
Connects to smartbrowsebr-mx.terra.com  (208.70.188.15:80)

TCP (HTTP):
Connects to server-54-240-186-252.mad50.r.cloudfront.net  (54.240.186.252:80)

TCP (HTTP):
Connects to server-54-230-187-27.cdg51.r.cloudfront.net  (54.230.187.27:80)

TCP (HTTP):
Connects to server-54-230-187-152.cdg51.r.cloudfront.net  (54.230.187.152:80)

TCP (HTTP):
Connects to server-54-230-0-223.lhr5.r.cloudfront.net  (54.230.0.223:80)

TCP (HTTP):
Connects to ip-172-26-136-19.ec2.internal  (172.26.136.19:80)

Remove MobogenieService.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.